The establishment of secure connections between communicating devices is essential to preserve the privacy and integrity of the information that passes between them. Wireless connections are particularly vulnerable to attacks from malicious entities that could use other nearby wireless devices to carry out such an attack. Current security methods are designed to withstand the most common types of attacks, such as man-in-the-middle (MITM) attacks, denial of service (DoS) attacks, or address resolution protocol (ARP) poisoning attacks. While many of the nuances of secure communication vulnerabilities are known, the choice of a specific security configuration for a given set of wirelessly connected devices is not trivial. For example, one security configuration may depend heavily on the unique capabilities of the software and hardware architectures of a type of device, such as the significant resources available to a personal computer connected to a Wi-Fi router. Alternatively, wirelessly communicating devices may rely on short-range communication, as in the case of a smartphone using near field communication, to provide a level of security through the limited range of the wireless transmission. To keep pace with this continually evolving context, new connection security solutions are under constant development.
Devices that communicate via wireless inter-device connections often collaborate in a system or network, as exemplified in the growing paradigm of the Internet of Things (IoT). As many of these devices handle private information, the establishment of secure connections between two or more devices is a common need in personal, home, and business settings. One general example that spans these settings is the secure connection between a multi-function personal user device, such as a smartphone, and an application device, sometimes called a “dongle” or peripheral device. Personal user devices utilize a suite of communication protocols to maximize security and inter-device compatibility, while application devices are designed with limited hardware and software in order to have a form factor convenient for personal use and to remain market competitive. Driven by this asymmetry in device functionality, the establishment of a secure connection between a personal user device and an application device is often constrained by the capabilities of the application device. Careful consideration must be given to the design of a system that provisions such a connection so that it is both usable and secure.
The Transport Layer Security (TLS) protocol is a well-developed, customizable security protocol that can be used to secure a wireless connection between a personal user device and an application device. TLS can be configured to provision a secure connection using symmetric or asymmetric key encryption schemes. Authentication with TLS can be established using methods defined by the public-key infrastructure (PKI) framework, for example with the use of certificates signed by a trusted third party. Furthermore, two or more devices can establish secure communication through a process in which a TLS server is instantiated on one device while the other devices communicate with the TLS server as clients. Subsequently, the server and clients negotiate the desired key encryption and authentication schemes through a process called a “handshake,” in which they agree upon methods from a series of pre-defined executable algorithms and server-client information transfers. It is of utmost importance that the key encryption and authentication methods used within the handshake are chosen with the specific devices of the system in mind, so that the connection achieves the strongest security those devices can support.
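As an added illustration of the server/client arrangement described above (example code written for this page, not part of the original text or of any particular product), the Go program below has the application device host a TLS server whose configuration reflects its limited capabilities (a TLS 1.3 floor and a single key-exchange curve) while the personal user device connects as the client, trusts only the device's provisioned certificate and verifies its name. The device name `dongle.example`, the self-signed Ed25519 credential and the loopback TCP transport are constructed assumptions standing in for real provisioning and a real wireless link.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// selfSigned builds a throwaway Ed25519 certificate for the application device and the pool a peer
// needs to trust exactly that certificate (constructed test credentials, not real provisioning).
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	parsed, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Handshake runs the exchange over loopback TCP and returns the client's view of what was negotiated and authenticated.
func Handshake() (tls.ConnectionState, error) {
	devCert, trustDev := selfSigned("dongle.example")
	// Constrained device: pin the protocol floor and its single key-exchange curve. User device: trust only the provisioned certificate and check the name.
	serverCfg := &tls.Config{Certificates: []tls.Certificate{devCert}, MinVersion: tls.VersionTLS13,
		CurvePreferences: []tls.CurveID{tls.CurveP256}}
	clientCfg := &tls.Config{RootCAs: trustDev, ServerName: "dongle.example", MinVersion: tls.VersionTLS13}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	go func() { // application device side: the first Write drives the server half of the handshake
		if c, e := ln.Accept(); e == nil {
			c.Write([]byte("ok"))
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // Dial completes the client half
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer conn.Close()
	return conn.ConnectionState(), nil
}
```

Swapping `CurvePreferences` for a curve the client does not offer, or removing the client's `RootCAs`, makes `Handshake` return an error instead of a connection state, which is the negotiation failure the text's device-aware configuration is meant to avoid.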